Your message dated Fri, 25 Dec 2020 18:05:07 +0000
with message-id <e1ksrsd-0008bg...@fasolo.debian.org>
and subject line Bug#975305: fixed in node-axios 0.21.1+dfsg-1
has caused the Debian Bug report #975305,
regarding node-axios: CVE-2020-28168
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
975305: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975305
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-axios
Version: 0.21.0+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/axios/axios/issues/3369
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for node-axios.

CVE-2020-28168[0]:
| Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF)
| vulnerability where an attacker is able to bypass a proxy by providing
| a URL that responds with a redirect to a restricted host or IP
| address.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-28168
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168
[1] https://github.com/axios/axios/issues/3369

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: node-axios
Source-Version: 0.21.1+dfsg-1
Done: Xavier Guimard <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
node-axios, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 975...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated node-axios package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 25 Dec 2020 18:36:21 +0100
Source: node-axios
Architecture: source
Version: 0.21.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 975305
Changes:
 node-axios (0.21.1+dfsg-1) unstable; urgency=medium
 .
   * Team upload
   * Declare compliance with policy 4.5.1
   * Modernize debian/watch
   * New upstream version 0.21.1+dfsg (Closes: #975305, CVE-2020-28168)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel